BitMEX Identifies Vulnerabilities in Operations of North Korea’s Lazarus Group


Key Takeaways:

  • BitMEX has revealed significant security vulnerabilities within North Korea’s Lazarus Group.
  • An unusual IP leak has disclosed a hacker’s location in China.
  • G7 leaders intend to discuss North Korea’s increasing cryptocurrency thefts at their forthcoming summit.

The security team at BitMEX has identified considerable operational deficiencies within the Lazarus Group, the North Korean state-sponsored cybercrime organization responsible for numerous high-profile cryptocurrency hacks.

In a recent counter-operations investigation, BitMEX researchers uncovered technical errors that exposed parts of the group’s infrastructure.

The findings included exposed IP addresses, an open database, and tracking algorithms the group used in its operations.

Uncommon Leak Reveals Lazarus Hacker’s IP Address in China

One significant discovery indicates that a hacker may have inadvertently revealed his actual IP address during an operation, pinpointing a location in Jiaxing, China — a rare oversight for the typically secretive group.

Researchers also accessed a Supabase database instance employed by the attackers.

Supabase is a platform that facilitates database deployment, and its utilization by Lazarus underscores the group’s evolving operational resources.

BitMEX’s report highlights a widening gap in the group’s internal organization.

It points out an “asymmetry” between lower-skilled social engineering teams, which are responsible for deceiving users into downloading malware, and the more sophisticated developers crafting advanced exploits.

This fragmentation suggests that Lazarus has divided into sub-groups with differing capabilities.

While some factions depend on basic social engineering, others execute intricate technical assaults targeting the blockchain and technology sectors.

North Korea is financing its weapons program with cryptocurrency acquired through cyberattacks. Hackers have stolen over $50 million from at least three cryptocurrency exchanges between 2020 and mid-2021, according to a U.N. report https://t.co/EkLEJwPjdj pic.twitter.com/edPXkjsaV3

— Reuters (@Reuters) February 8, 2022

The revelations come amid a broader increase in DPRK-associated cyber activity. Global law enforcement agencies are actively investigating the group’s operations.

In September 2024, the FBI issued a warning regarding phishing scams utilizing fake job offers to attract cryptocurrency users.

This alert was subsequently reiterated by officials from Japan, South Korea, and the U.S., who identified Lazarus as a threat to financial stability.

Currently, international apprehension is rising. A Bloomberg report indicates that world leaders may confront the Lazarus threat at the upcoming G7 Summit, considering coordinated strategies to reduce the impact of the group’s actions.

With Lazarus continuing to be a significant presence in the cryptocurrency threat landscape, BitMEX’s findings provide new insights into the group’s operational weaknesses — and possible paths for disruption.

G7 to Discuss North Korea’s Surge in Cryptocurrency Theft

G7 leaders are anticipated to address North Korea’s intensifying cyberattacks and cryptocurrency thefts at next month’s summit in Canada.

While global conflicts remain a priority on the agenda, Pyongyang’s cyber operations, viewed as a crucial funding source for its weapons programs, are receiving urgent attention from member states seeking coordinated responses.

The Lazarus Group, North Korea’s most notorious hacking collective, is believed to be responsible for a series of significant cryptocurrency thefts, including a record $1.4 billion heist from the exchange Bybit in February.

Chainalysis has reported that North Korean-linked actors stole over $1.3 billion across 47 distinct incidents in 2024 alone.

In addition to external hacks, the regime employs rogue IT personnel to infiltrate cryptocurrency firms from within — a tactic highlighted in a joint warning from the U.S., Japan, and South Korea.

North Korean cyber strategies continue to advance. In April, Lazarus-linked operatives reportedly established U.S.-based shell companies to distribute malware to cryptocurrency developers.

Kraken recently thwarted an infiltration attempt by a suspected North Korean individual posing as a job applicant.

BREAKING: KRAKEN CAUGHT A NORTH KOREAN HACKER TRYING TO STEAL ITS #BITCOIN
THIS IS WILD!! pic.twitter.com/togb4KyBNJ

— The Bitcoin Historian (@pete_rizzo_) May 1, 2025

The post BitMEX Uncovers Security Flaws in North Korea’s Lazarus Group Operations appeared first on Cryptonews.